IFuzzer: An Evolutionary Interpreter Fuzzer Using Genetic Programming

@InProceedings{conf/esorics/VeggalamRHB16,
title = "{IFuzzer}: An Evolutionary Interpreter Fuzzer Using
Genetic Programming",
author = "Spandan Veggalam and Sanjay Rawat and
Istvan Haller and Herbert Bos",
bibdate = "2017-05-23",
bibsource = "DBLP,
http://dblp.uni-trier.de/db/conf/esorics/esorics2016-1.html#VeggalamRHB16",
booktitle = "Computer Security - {ESORICS} 2016 - 21st European
Symposium on Research in Computer Security, Heraklion,
Greece, September 26-30, 2016, Proceedings, Part {I}",
publisher = "Springer",
year = "2016",
volume = "9878",
editor = "Ioannis G. Askoxylakis and Sotiris Ioannidis and
Sokratis K. Katsikas and Catherine A. Meadows",
isbn13 = "978-3-319-45743-7",
pages = "581--601",
series = "Lecture Notes in Computer Science",
keywords = "genetic algorithms, genetic programming, SBSE, fuzzing
system, security vulnerability, evolutionary
computing",
URL = "https://link.springer.com/chapter/10.1007%2F978-3-319-45744-4_29",
DOI = "10.1007/978-3-319-45744-4_29",
abstract = "We present an automated evolutionary fuzzing technique
to find bugs in JavaScript interpreters. Fuzzing is an
automated black-box testing technique used for finding
security vulnerabilities in software by providing
random data as input. However, in the case of an
interpreter, fuzzing is challenging because the inputs
are pieces of code that should be
syntactically/semantically valid to pass the
interpreter's elementary checks. On the other hand, the
fuzzed input should also be uncommon enough to trigger
exceptional behaviour in the interpreter, such as
crashes, memory leaks and failing assertions. In our
approach, we use evolutionary computing techniques,
specifically genetic programming, to guide the fuzzer
in generating uncommon input code fragments that may
trigger exceptional behaviour in the interpreter. We
implement a prototype named IFuzzer to evaluate our
technique on real-world examples. IFuzzer uses the
language grammar to generate valid inputs. We applied
IFuzzer first on an older version of the JavaScript
interpreter of Mozilla (to allow for a fair comparison
to existing work) and found 40 bugs, of which 12 were
exploitable. On subsequently targeting the latest
builds of the interpreter, IFuzzer found 17 bugs, of
which four were security bugs.",
}
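The generate-then-evolve loop the abstract describes, as an added example that is not the paper's or IFuzzer's own code: derivation trees of a small hand-written JavaScript grammar are the genetic-programming individuals, crossover and mutation only swap subtrees rooted at the same nonterminal (so every offspring still passes the interpreter's syntax check), and a generational loop selects for structurally unusual fragments. The toy grammar, the structural stand-in fitness function and all helper names (`generate`, `crossover`, `mutate`, `evolve`, `is_valid`) are assumptions of this example; IFuzzer itself works from a full language grammar and folds the interpreter's behaviour into its objective.

```python
"""Grammar-based evolutionary fuzzing of JavaScript fragments, in the spirit of
IFuzzer (example code, not the project's own)."""
import random
from dataclasses import dataclass, field
from typing import Optional

# Toy JavaScript subset (an assumption of this example). A symbol is a
# nonterminal iff it is a key of GRAMMAR; anything else is emitted verbatim.
GRAMMAR = {
    "program": [["stmt"], ["stmt", "stmt"], ["stmt", "stmt", "stmt"]],
    "stmt": [["decl"], ["assign"], ["if"], ["loop"], ["try"], ["expr", ";"]],
    "decl": [["var ", "ident", " = ", "expr", ";"]],
    "assign": [["ident", " = ", "expr", ";"], ["ident", "[", "expr", "] = ", "expr", ";"]],
    "if": [["if (", "expr", ") { ", "stmt", " } else { ", "stmt", " }"]],
    "loop": [["for (var i = 0; i < ", "num", "; i++) { ", "stmt", " }"]],
    "try": [["try { ", "stmt", " } catch (e) { ", "stmt", " }"]],
    "expr": [["num"], ["ident"], ["expr", " ", "binop", " ", "expr"], ["call"], ["obj"],
             ["[", "expr", ", ", "expr", "]"], ["new Array(", "expr", ")"]],
    "call": [["ident", "(", "expr", ")"], ["Array.prototype.sort.call(", "expr", ")"],
             ["Object.defineProperty(", "ident", ", 'length', ", "obj", ")"]],
    "obj": [["{ get x() { return ", "expr", "; } }"],
            ["{ valueOf: function () { return ", "expr", "; } }"]],
    "binop": [["+"], ["-"], ["*"], ["|"], [">>>"], ["instanceof"], ["in"]],
    "ident": [["a"], ["b"], ["arr"], ["f"], ["Math"]],
    "num": [["0"], ["1"], ["-1"], ["4294967295"], ["0x7fffffff"], ["1e308"]],
}

@dataclass
class Node:
    sym: str                    # nonterminal name, or terminal text
    rule: Optional[int] = None  # alternative index used; None for terminals
    children: list = field(default_factory=list)

def generate(sym, rng, depth):
    """Expand `sym`; once the depth budget is spent, take the alternative with the fewest nonterminals so expansion terminates."""
    if sym not in GRAMMAR:
        return Node(sym)
    alts = GRAMMAR[sym]
    if depth <= 0:
        idx = min(range(len(alts)), key=lambda i: sum(s in GRAMMAR for s in alts[i]))
    else:
        idx = rng.randrange(len(alts))
    return Node(sym, idx, [generate(s, rng, depth - 1) for s in alts[idx]])

def render(node):
    return node.sym if node.rule is None else "".join(render(c) for c in node.children)

def is_valid(node):
    """True iff every interior node expands exactly one alternative of its symbol."""
    if node.rule is None:
        return node.sym not in GRAMMAR
    return ([c.sym for c in node.children] == GRAMMAR[node.sym][node.rule]
            and all(is_valid(c) for c in node.children))

def interior(node, path=()):
    """Yield (path, node) for every nonterminal node, in preorder."""
    if node.rule is not None:
        yield path, node
        for i, c in enumerate(node.children):
            yield from interior(c, path + (i,))

def replace_at(node, path, new):
    if not path:
        return new
    kids = list(node.children)
    kids[path[0]] = replace_at(kids[path[0]], path[1:], new)
    return Node(node.sym, node.rule, kids)

def crossover(a, b, rng):
    """Typed GP crossover: graft a subtree of b onto a at a node with the same nonterminal."""
    path, target = rng.choice(list(interior(a)))
    donors = [n for _, n in interior(b) if n.sym == target.sym]
    return replace_at(a, path, rng.choice(donors)) if donors else a

def mutate(tree, rng, depth=3):
    path, target = rng.choice(list(interior(tree)))
    return replace_at(tree, path, generate(target.sym, rng, depth))

def size(tree):
    return sum(1 for _ in interior(tree))

def fitness(tree):
    """Stand-in objective (assumed): count distinct productions used, rewarding rich, unusual fragments.
    A real campaign adds the interpreter's feedback here (crash, failed assertion, sanitizer report)."""
    return len({(n.sym, n.rule) for _, n in interior(tree)})

def evolve(generations=20, pop=30, seed=1, max_nodes=120):
    """Generational loop: keep the fittest third, breed the rest, cap tree size to control bloat."""
    rng = random.Random(seed)
    population = [generate("program", rng, 4) for _ in range(pop)]
    for _ in range(generations):
        population.sort(key=fitness, reverse=True)
        elite = population[: pop // 3]
        children = []
        while len(elite) + len(children) < pop:
            child = crossover(rng.choice(elite), rng.choice(elite), rng)
            if rng.random() < 0.3:
                child = mutate(child, rng)
            children.append(child if size(child) <= max_nodes else rng.choice(elite))
        population = elite + children
    best = max(population, key=fitness)
    return render(best), fitness(best)

if __name__ == "__main__":
    print(*evolve())
```

In a real campaign `render(best)` is what gets fed to a debug build of the interpreter (the paper targets Mozilla's JavaScript engine); a signal-terminated process, a failed assertion or a sanitizer report is the event the fitness function should reward, and the structural score above is only the part that can run offline.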